PT-2002-1962 · Php · Php Address
Published: 2002-10-04 · Updated: 2008-09-05 · CVE-2002-0953
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
PHP Address versions prior to 0.2f
Description:
The issue allows remote attackers to execute arbitrary PHP code via a URL to the code in the LangCookie parameter when the PHP allow_url_fopen and register_globals variables are enabled.
Recommendations:
For versions prior to 0.2f, consider disabling the register_globals variable and restricting the use of allow_url_fopen to minimize the risk of exploitation. Additionally, avoid using the LangCookie parameter in sensitive operations until the issue is resolved.
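The following added example (not part of the original advisory or of PHP Address) audits a php.ini for the two settings named in the recommendations. The sample configurations are constructed, and the defaults used when a directive is absent are an assumption (PHP 4.2.0 or later: register_globals off, allow_url_fopen on).

```python
import re

# Assumed built-in defaults when a directive is absent (PHP 4.2.0 and later).
DEFAULTS = {"register_globals": False, "allow_url_fopen": True}
TRUTHY = {"1", "on", "true", "yes"}
DIRECTIVE = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=\s*(.*?)\s*$")

def effective_settings(ini_text):
    """Return the effective on/off state of the two directives."""
    state = dict(DEFAULTS)
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0]          # drop ';' comments
        match = DIRECTIVE.match(line)
        if not match:
            continue                          # section headers, blank lines
        key = match.group(1)                  # directive names are case-sensitive
        value = match.group(2).strip("\"'").lower()
        if key in state:
            state[key] = value in TRUTHY      # a later assignment overrides an earlier one
    return state

def findings(ini_text):
    """Directives from the advisory that are currently enabled."""
    return sorted(k for k, on in effective_settings(ini_text).items() if on)

def exposed(ini_text):
    """True only when both preconditions stated in the description hold."""
    return all(effective_settings(ini_text).values())

# Constructed sample configurations.
WEAK = """[PHP]
register_globals = On
allow_url_fopen = On
"""
HARDENED = """[PHP]
register_globals = Off
allow_url_fopen = Off ; remote URL wrappers disabled
"""
DEFAULT_ONLY = """[PHP]
engine = On
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED), ("defaults", DEFAULT_ONLY)):
        print(name, "exposed" if exposed(text) else "not exposed", findings(text))
```

Per-directory overrides (for example in web server configuration) are not read by this check and have to be reviewed separately.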
Affected products:
Php Address